npmpackage.info

Gathering detailed insights and metrics for swagger-ui-dist

Gathering detailed insights and metrics for swagger-ui-dist

swagger-ui-dist - 5.27.0 | npmpackage.info

swagger-ui-dist

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.

5.27.0

27,916

Apache-2.0

JavaScript

10.95 MB

Installations

npm install swagger-ui-dist

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

22.17.0

NPM Version

10.9.2

Score

99.7

Supply Chain

81.7

Quality

97.5

Maintenance

100

Vulnerability

87.6

License

Pull Requests

Open

90

Total

4,497

Closed

1,103

Merged

3,304

Issues

Open

1,203

Total

5,628

Closed

4,425

Releases

375

v5.27.0

Updated on Jul 16, 2025

v5.26.2

Updated on Jul 07, 2025

v5.26.1

Updated on Jul 07, 2025

v5.26.0

Updated on Jul 02, 2025

v5.25.4

Updated on Jul 01, 2025

v5.25.3

Updated on Jun 26, 2025

View All 375 releases

Languages

6

JavaScript

SCSS

HTML

Shell

Dockerfile

CSS

JavaScript (95.26%)

SCSS (3.43%)

HTML (0.92%)

Shell (0.27%)

Dockerfile (0.1%)

CSS (0.02%)

Developer

Download Statistics

Total Downloads

0

Last Day

0

Last Week

0

Last Month

0

Last Year

0

GitHub Statistics

Apache-2.0 License

27,916 Stars

6,745 Commits

9,162 Forks

641 Watchers

87 Branches

552 Contributors

Updated on Jul 19, 2025

Maintainers

4

View All 552 Contributors

Package Meta Information

Latest Version

5.27.0

Package Id

swagger-ui-dist@5.27.0

Unpacked Size

10.95 MB

Size

3.02 MB

File Count

31

NPM Version

10.9.2

Node Version

22.17.0

Published on

Jul 16, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

0%

NaN

Compared to previous day

Last Week

0%

NaN

Compared to previous week

Last Month

0%

NaN

Compared to previous month

Last Year

0%

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

1

Swagger UI Dist

Anonymized analytics

SwaggerUI Dist uses Scarf to collect anonymized installation analytics. These analytics help support the maintainers of this library and ONLY run during installation. To opt out, you can set the scarfSettings.enabled field to false in your project's package.json:

// package.json
{
  // ...
  "scarfSettings": {
    "enabled": false
  }
  // ...
}

Alternatively, you can set the environment variable SCARF_ANALYTICS to false as part of the environment that installs your npm packages, e.g., SCARF_ANALYTICS=false npm install.

API

This module, swagger-ui-dist, exposes Swagger-UI's entire dist folder as a dependency-free npm module. Use swagger-ui instead, if you'd like to have npm install dependencies for you.

SwaggerUIBundle and SwaggerUIStandalonePreset can be imported:

1  import { SwaggerUIBundle, SwaggerUIStandalonePreset } from "swagger-ui-dist"

To get an absolute path to this directory for static file serving, use the exported getAbsoluteFSPath method:

1const swaggerUiAssetPath = require("swagger-ui-dist").getAbsoluteFSPath()
2
3// then instantiate server that serves files from the swaggerUiAssetPath

For anything else, check the Swagger-UI repository.

Moderate

6.1/10

Summary

Spoofing attack in swagger-ui-dist

Affected Versions

< 4.1.3

Patched Versions

4.1.3

Moderate

0/10

Summary

Server side request forgery in SwaggerUI

Affected Versions

< 4.1.3

Patched Versions

4.1.3

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

9

SAST

Determines if the project uses static code analysis.

5

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

4

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

2

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 2

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/codeql.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-merge.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/dependabot-merge.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-merge.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/dependabot-merge.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push-unstable.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push-unstable.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push-unstable.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push-unstable.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push-unstable.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push-unstable.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push-unstable.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push-unstable.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push-unstable.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push-unstable.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push-unstable.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push-unstable.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-push.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-build-push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image-check.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/docker-image-check.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/nodejs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-dist.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-dist.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-dist.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-dist.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-dist.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-dist.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-react.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-react.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-react.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-react.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui-react.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui-react.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-swagger-ui.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/swagger-api/swagger-ui/release-swagger-ui.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:5: pin your Docker image by updating nginx:1.29.0-alpine to nginx:1.29.0-alpine@sha256:b2e814d28359e77bd0aa5fed1939620075e4ffa0eb20423cc557b375bd5c14ad
Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 13 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 7 out of 7 npmCommand dependencies pinned

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.5

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.